'\" t
.TH "SYSTEMD\-MOUNTFSD\&.SERVICE" "8" "" "systemd 257" "systemd-mountfsd.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-mountfsd.service, systemd-mountfsd \- Disk Image File System Mount Service
.SH "SYNOPSIS"
.PP
systemd\-mountfsd\&.service
.PP
/usr/lib/systemd/systemd\-mountfsd
.SH "DESCRIPTION"
.PP
\fBsystemd\-mountfsd\fR
is a system service that dissects disk images, and returns mount file descriptors for the file systems contained therein to clients, via a Varlink IPC API\&.
.PP
The disk images provided must contain a raw file system image or must follow the
\m[blue]\fBDiscoverable Partitions Specification\fR\m[]\&\s-2\u[1]\d\s+2\&. Before mounting any file systems authenticity of the disk image is established in one or a combination of the following ways:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  1." 4.2
.\}
If the disk image is located in a regular file in one of the directories
/var/lib/machines/,
/var/lib/portables/,
/var/lib/extensions/,
/var/lib/confexts/
or their counterparts in the
/etc/,
/run/,
/usr/lib/
it is assumed to be trusted\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  2." 4.2
.\}
If the disk image contains a Verity enabled disk image, along with a signature partition with a key in the kernel keyring or in
/etc/verity\&.d/
(and related directories) the disk image is considered trusted\&.
.RE
.PP
This service provides one
\m[blue]\fBVarlink\fR\m[]\&\s-2\u[2]\d\s+2
service:
\fBio\&.systemd\&.MountFileSystem\fR
which accepts a file descriptor to a regular file or block device, and returns a number of file descriptors referring to an
\fBfsmount()\fR
file descriptor the client may then attach to a path of their choice\&.
.PP
The returned mounts are automatically allowlisted in the per\-user\-namespace allowlist maintained by
\fBsystemd-nsresourced.service\fR(8)\&.
.PP
The file systems are automatically
\fBfsck\fR(8)\*(Aqed before mounting\&.
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBsystemd-nsresourced.service\fR(8)
.SH "NOTES"
.IP " 1." 4
Discoverable Partitions Specification
.RS 4
\%https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
.RE
.IP " 2." 4
Varlink
.RS 4
\%https://varlink.org/
.RE
